Microsoft accidentally ships Nimda in Korea

Sophos Press Release

Microsoft has confirmed that it accidentally distributed to developers a copy of the W32/Nimda virus in Korean versions of its Visual Studio.net package.

The Nimda virus was first seen in September 2001, and can be easily stopped with up-to-date anti-virus software.

According to Christoper Flores, lead product manager for Visual Studio.net at Microsoft, the virus infected a file on the CD after a third party company translated the package into Korean.

Using a vulnerability in Microsoft's IIS web server software, the Nimda virus corrupts websites with malicious code. Without their knowledge, innocent computer users may trigger the virus by simply browsing a website. The virus then forwards itself by email to all addresses found on the user's computer.

There are no reports of anyone having been infected by this new distribution of the virus and Microsoft has published more information on its website at http://msdn.microsoft.com/vstudio/downloads/updates/kohelpfilefix.asp.

"Fortunately, on this occasion, it seems unlikely that people will become infected from this accidental distribution," said Graham Cluley, senior technology consultant for Sophos Anti-Virus. "The company which will be most damaged will be Microsoft itself as its credibility in the security arena takes a knock. However, it would be a mistake for other companies to feel smug about Microsoft's misfortune. All companies should put in place proper safe computing guidelines to minimise the risk of virus infection, and ensure their partners and suppliers do the same."

Sophos recommends that users concerned they may be vulnerable to infection ensure they are running a reliable, up-to-date anti-virus product.


More than 100 million users in 150 countries rely on Sophos’ complete security solutions as the best protection against complex threats and data loss. Simple to deploy, manage, and use, Sophos’ award-winning encryption, endpoint security, web, email, mobile and network security solutions are backed by SophosLabs - a global network of threat intelligence centers. Sophos is headquartered in Oxford, U.K., and is publicly traded on the London Stock Exchange under the symbol “SOPH.” More information is available at www.sophos.com/company.